Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Large-Scale Attempts to Attack WordPress Sites
Alerts

Large-Scale Attempts to Attack WordPress Sites

6 May 2020

Large-scale attempts to attack WordPress sites have been observed by Wordfence, a cybersecurity firm which runs a WordPress security plugin.

The attacks leverage Cross-Site Scripting (XSS) vulnerabilities in outdated WordPress plugins to implant JavaScript code. This code redirects users to malicious websites and further leverages logged-in administrators to create backdoor accounts without their knowledge.

Administrators and site owners using the affected products are advised to enable automatic updates or perform regular updates of WordPress and its plugins to protect against known vulnerabilities. Administrators and site owners are also advised to deactivate and delete any plugins that have been removed from the WordPress plugin repository.

More information is available at:

https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/

https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/

Back to top